Big Blue Battles Security Bogeymen: Big Data, Cloud, Mobile

Security software, one of the few bright spots in an IBM quarter that saw a 5% revenue decline, is getting an upgrade with 10 new products and enhancements targeted at three enterprise bogeymen: cloud, mobility and big data. These announcements start to more fully round out IBM’s global protection, filling out a “good enterprise bucket of capabilities”, said Steve Robinson, Vice President of Development, Strategy and Product Management, IBM Security Systems.

“The security landscape is drastically changing,” he said. Five years ago it was all about the perimeter and the three G’s: guns, gates and guards, but today the perimeter is moving inside. “The common theme is around the perimeter-less world that we’re moving into.”

Big Blue is taking what it calls a holistic approach to security, with its latest offerings intended to help clients better maintain security control over mobile devices, mitigate internal and external threats, reduce security risks in cloud environments, expand database security to gain real-time insights into big data environments such as Hadoop, and automate compliance and data security management. Among the announcements (www.ibm.com/security) are: InfoSphere Guardium for real-time monitoring and automated compliance reporting for Hadoop-based systems; a Mobile Security Framework; SmartCloud for Patch Management; QRadar enhancements; IBM Security Privileged Identity Manager to address insider threat concerns and help demonstrate compliance; and enhancements to IBM Security Access Manager for Cloud and Mobile, and IBM Security zSecure.

The big data focus is somewhat of a preemptive strike, said Robinson, with most users still in the early phases of adoption, which is primarily limited to a smaller set of the top-tier accounts. “Security is a prime target for big data. The joke going around is that the good news is we have a lot of data. The bad news is we have a lot of data.”

Depending upon currency fluctuations, IBM’s revenue was down 1-5%, said Mark Loughridge, SVP and CFO, during an analysts’ call, but “Tivoli Security was up 9% at constant currency driven by Q1 Labs which provides next-generation security intelligence.” Overall, IBM turned in a decent quarter, with profit up 7% and software profits coming in at 10%.

Despite the economic slowdown, security is continuing to grab a bigger slice of IT budgets. According to Gartner, spending on security is expected to rise to $60 billion in 2012, up 8.4 percent from 2011, and to reach $86 billion in 2016.

“The main takeaway from these announcements for me is that IBM is expanding its security footprint in areas that play to its strengths,” said analyst Scott Crawford, Enterprise Management Associates. “For example, extending the value of identity expands their existing penetration of that market. The mobile efforts capitalize on a number of strengths, such as the acquisition of BigFix and its endpoint management capabilities, the acquisition of Worklight and application of AppScan to mobile app security, while the Big Data offerings speak to a growing awareness of the need for control and awareness in emerging (and still-maturing) environments for large-scale data management.”

The future also looks bright for continuing growth, he said. “Looking ahead, as enterprises seek to wring greater value out of the data they have – while at the same time seeking to improve security – the convergence of these common interests could move IBM in new directions that give it an even stronger position in the market of security data analysis. Already, the acquisition of Q1 Labs has given IBM a strong position in security data management and analytics, while OpenPages gave it a significant presence in enterprise risk management. Given the company’s major investments in analytics and data management across the board, it will be intriguing to see where IBM applies its strongest capabilities in security tomorrow.”

The most significant element of IBM’s announcements appears to be the ability to use Guardium to provide monitoring and automated compliance reporting for Hadoop-based systems, said Charles Kolodgy, Research Vice President – Secure Products, IDC. “If enterprises are going to be able to utilize big data systems they must be able to prove compliance regarding who has access to the data, who changed the data, and has any data leaked.”

He also thinks improvements to data encryption management are significant. “Most people won’t appreciate it but data encryption is a critical activity and improving automation of key recovery should make it easier to implement encryption with greater assurance that the data can be recovered.” He added that the cloud-based Patch Management should improve the ability to install patches, as most attacks are still against known vulnerabilities. “Finally the new IBM Security Access Management appliance for cloud and mobile will make it easier to deal with an ever-growing mobile-enabled environment.”

Paula Musich, Principal Analyst, Enterprise Security, Current Analysis, believes IBM’s ability to better leverage the synergies it has across its broad portfolio of security products sets IBM up to compete more effectively within large enterprises that are looking to consolidate the number of security vendors that they work with. “This vendor consolidation trend has been going on for a while now, and IBM can now go to market with a more cohesive product set.”

She also noted that IBM and HP are direct competitors in this space, but HP had a head start in its integration efforts thanks to its earlier acquisitions of ArcSight, Fortify and 3Com (TippingPoint). “ArcSight is/was the 800 lbs gorilla in the SIEM market, and Q1 Labs was nipping at its heels as a pure play SIEM provider. IBM seems to be working quickly to integrate QRadar and the intelligence that it gathers with an increasing range of its other security products to make the whole greater than the sum of its parts in the new security unit.”

When it comes to big data and security, the focus in the threat management industry has been to leverage big data technology such as Hadoop in large threat research operations such as Trend Micro’s Trend Labs or McAfee’s Global Threat Intelligence, said Musich. “There’s been less focus on actually monitoring and providing compliance reporting on big data systems.”

A lot of the focus on big data and security has been on leveraging SIEM technology to gather more security intelligence to better spot advanced persistent threats, she said. “It’s not clear yet that those technologies can adequately scale to provide real-time or near-real-time threat detection of APTs. So IBM’s focus on monitoring Hadoop systems is unique in that regard as well.”

The changing security environment is not just about the changing nature of the perimeter, said Robinson. Last year’s explosion in public breaches also contributed to this fundamental change, making security more of a board-level issue. “Many firms woke up to the fact that being compliant didn’t mean being secure.”

Increasingly, organizations are building their security strategy around mitigating risk until they end up with a level of risk that they – and their board – can live with, he said. Robinson tells accounts that IBM’s security role is akin to a car’s GPS, i.e., a navigation problem. “They have to understand where I am today, and understand where we’re going.”